diff options
Diffstat (limited to 'sys/netinet6/raw_ip6.c')
-rw-r--r-- | sys/netinet6/raw_ip6.c | 27 |
1 files changed, 6 insertions, 21 deletions
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 00205ff..03b9a41 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -176,25 +176,18 @@ rip6_input(mp, offp, proto) if (last) { struct mbuf *n = m_copy(m, 0, (int)M_COPYALL); -#ifdef IPSEC +#if defined(IPSEC) || defined(FAST_IPSEC) /* * Check AH/ESP integrity. */ if (n && ipsec6_in_reject(n, last)) { m_freem(n); +#ifdef IPSEC ipsec6stat.in_polvio++; - /* do not inject data into pcb */ - } else #endif /*IPSEC*/ -#ifdef FAST_IPSEC - /* - * Check AH/ESP integrity. - */ - if (n && ipsec6_in_reject(n, last)) { - m_freem(n); /* do not inject data into pcb */ } else -#endif /*FAST_IPSEC*/ +#endif /*IPSEC || FAST_IPSEC*/ if (n) { if (last->in6p_flags & IN6P_CONTROLOPTS || last->in6p_socket->so_options & SO_TIMESTAMP) @@ -215,27 +208,19 @@ rip6_input(mp, offp, proto) } last = in6p; } -#ifdef IPSEC +#if defined(IPSEC) || defined(FAST_IPSEC) /* * Check AH/ESP integrity. */ if (last && ipsec6_in_reject(m, last)) { m_freem(m); +#ifdef IPSEC ipsec6stat.in_polvio++; - ip6stat.ip6s_delivered--; - /* do not inject data into pcb */ - } else #endif /*IPSEC*/ -#ifdef FAST_IPSEC - /* - * Check AH/ESP integrity. - */ - if (last && ipsec6_in_reject(m, last)) { - m_freem(m); ip6stat.ip6s_delivered--; /* do not inject data into pcb */ } else -#endif /*FAST_IPSEC*/ +#endif /*IPSEC || FAST_IPSEC*/ if (last) { if (last->in6p_flags & IN6P_CONTROLOPTS || last->in6p_socket->so_options & SO_TIMESTAMP) |